Command-line tool v1.12.2: op create item --template=file.json

Options
Michael_1P
Michael_1P
in CLI

We have added a new, smoother, more secure method of creating an item using the command-line tool!

  1. Get a template for the category of item you want to create, and save
    it to a file:

    op get template "Login" > file.json

  2. Edit the template to add your information.

  3. Create the item from the template file:

    op create item "Login" --template=file.json

  4. When you’re finished, remove the template file.

You no longer need to use op encode, which is now officially deprecated and will be removed in our next major release.

Release notes and download links for v1.12.2.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • jscarle
    jscarle
    Community Member
    Options

    I am not using op encode directly, but I do create an item based on a template as follows:

    string command = $"create item \"{template.Name}\" \"{template.Details.ToBase64()}\"";

    See: https://github.com/jscarle/OnePassword.NET/blob/master/OnePassword.NET/OnePasswordManager.cs#L110

    Are you saying that you're removing the entire Base64 command line functionality?

  • Michael_1P
    Michael_1P
    Options

    @jscarle We are not removing any functionality in the v1 releases. Any breaking changes to the command-line tool’s inputs would be done in a v2 release.

    Passing your about-to-be-created vault item details to op as a command-line argument is insecure on a multi-user system or on a system where untrusted processes are running. It is possible for other users or processes to see the arguments that are passed to any program, which means that they would be able to see your vault item details for the window that op create item is running. We want to make it hard for users to be insecure when using 1Password, so we are encouraging users to start using the --template flag instead.

    For your .NET wrapper, may I suggest creating a temporary file that only the current user can access, writing that JSON template to it (no need to base64-encode it), and then removing it after the create item command finishes.

  • jscarle
    jscarle
    Community Member
    Options

    See, there's my issue with that. Creating a temporary file leaves traces in the file system that could be recovered (undeleted) and would effectively compromise security.

    What about allowing input of the template through stdin in a similar way to the create document command?

This discussion has been closed.